CVE-2026-28810
published 2026-04-07CVE-2026-28810: Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS…
PriorityP417low3.7CVSS 3.1
AVNACHPRNUINSUCNILAN
EPSS
0.27%
18.5th percentile
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning.
The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers.
inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, which could lead users to deploy the resolver in environments where spoofed DNS responses are possible.
This vulnerability is associated with program files lib/kernel/src/inet_db.erl and lib/kernel/src/inet_res.erl.
This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to kernel from 3.0 until 10.6.2, 10.2.7.4 and 9.2.4.11.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | erlang | < erlang 1:27.3.4.10+dfsg-1 (sid) | erlang 1:27.3.4.10+dfsg-1 (sid) |
| erlang | erlang_otp | >= 17.0 < 26.2.5.19 | 26.2.5.19 |
| erlang | erlang_otp | >= 27.0 < 27.3.4.10 | 27.3.4.10 |
| erlang | erlang_otp | >= 28.0 < 28.4.2 | 28.4.2 |
| erlang | otp | >= 07b8f441ca711f9812fad9e9115bab3c3aa92f79 < * | * |
| erlang | otp | >= 17.0 < * | * |
| erlang | otp | >= 3.0 < * | * |
CVSS provenance
nvdv3.13.7LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv4.06.3MEDIUMCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv6.3MEDIUM
vendor_debian6.3MEDIUM
vendor_redhat6.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Erlang OTP up to 28.4.2 inet_res/inet_db generation of predictable numbers or identifiers (Nessus ID 305613 / WID-SEC-2026-0998)
vuldb·2026-04-13·CVSS 6.3
CVE-2026-28810 [MEDIUM] Erlang OTP up to 28.4.2 inet_res/inet_db generation of predictable numbers or identifiers (Nessus ID 305613 / WID-SEC-2026-0998)
A vulnerability categorized as problematic has been discovered in Erlang OTP up to 28.4.2. This affects an unknown part of the component inet_res/inet_db. Executing a manipulation can lead to generation of predictable numbers or identifiers.
This vulnerability is registered as CVE-2026-28810. It is possible to launch the attack remotely. No exploit is available.
OSV
CVE-2026-28810: Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning
osv·2026-04-07·CVSS 6.3
CVE-2026-28810 [MEDIUM] CVE-2026-28810: Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers. inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, which could lead users to deploy the resolver in environments where spoofed DNS responses ar
Red Hat
erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
vendor_redhat·2026-04-07·CVSS 6.3
CVE-2026-28810 [MEDIUM] CWE-331 erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning.
The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers.
inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, whic
Debian
CVE-2026-28810: erlang - Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP ker...
vendor_debian·2026·CVSS 6.3
CVE-2026-28810 [MEDIUM] CVE-2026-28810: erlang - Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP ker...
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers. inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, which could lead users to deploy the resolver in environments where spoofed DNS responses ar
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [fedora-all]
bugzilla·2026-04-07·CVSS 6.3
CVE-2026-28810 [MEDIUM] CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [fedora-all]
CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-2a93359b0b (erlang-26.2.5.19-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-2a93359b0b
---
FEDORA-2026-53a7ddccc8 (erlang-26.2.5.19-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-53a7ddccc8
---
FEDORA-2026-dd4a7e240e (erlang-26.2.5.19-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject
Bugzilla
CVE-2026-28810 erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
bugzilla·2026-04-07·CVSS 6.3
CVE-2026-28810 [MEDIUM] CVE-2026-28810 erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
CVE-2026-28810 erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning.
The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers.
inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment
Bugzilla
CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [epel-all]
bugzilla·2026-04-07·CVSS 6.3
CVE-2026-28810 [MEDIUM] CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [epel-all]
CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Wiz
CVE-2026-28810 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3
CVE-2026-28810 [MEDIUM] CVE-2026-28810 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28810 :
Linux Debian vulnerability analysis and mitigation
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning.
The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers.
inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, which could lead
https://cna.erlef.org/cves/CVE-2026-28810.htmlhttps://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fdhttps://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8https://osv.dev/vulnerability/EEF-CVE-2026-28810https://www.erlang.org/doc/system/versions.html#order-of-versions
2026-04-07
Published